Thursday, September 19, 2013

Hey guys, you know what? I added a seccomp sandbox to lophttpd. It is an experimental, Linux-only feature, enabled by the -DUSE_SANDBOX compile-time switch. I really should add that feature to the frontend reverse proxy too, as well as getting in touch with FreeBSD's capsicum in order to support multiple platforms. The benefit is that, even though lophttpd already runs unprivileged in a read-only chroot, the impact of a potential RCE vulnerability is restricted even further: once the filter is installed, exploit code inherits only the small set of syscalls the server itself needs. The sandbox also covers the OpenSSL code, so it is no longer necessary to use SSL privilege separation. To my knowledge lophttpd is the only webserver that supports a seccomp sandbox.
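To show what a seccomp-BPF allow-list of this kind looks like, here is an added example; it is not lophttpd's own sandbox code, and the syscall list, the function names and the policy (kill on anything not listed, check the syscall ABI before the number) are my assumptions for a static-file server after `accept()`. It also carries a small interpreter for the three BPF opcodes the filter uses, so the policy can be checked offline without installing it:

```c
/* Added example (not lophttpd's code): a minimal seccomp-BPF allow-list of the
 * kind a -DUSE_SANDBOX build would install, plus a tiny BPF interpreter so the
 * policy can be checked without installing it. Syscall list is an assumption. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Hypothetical post-accept allow-list: read the request, write the reply,
 * hand the file to sendfile, close the socket, exit. Nothing else. */
static const int allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_close, SYS_accept4, SYS_sendfile, SYS_exit_group,
};
#define N_ALLOWED (sizeof(allowed_syscalls) / sizeof(allowed_syscalls[0]))
#define MAX_FILTER (4 + 2 * N_ALLOWED + 1)

/* Emit the filter into out[] (at least MAX_FILTER entries); returns the count. */
size_t build_filter(struct sock_filter *out)
{
    size_t n = 0;
    /* Check the ABI first: a compat (32-bit) syscall whose number collides
     * with an allowed 64-bit one would otherwise pass the filter. */
    out[n++] = (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[n++] = (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0);
    out[n++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[n++] = (struct sock_filter) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) {
        out[n++] = (struct sock_filter) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed_syscalls[i], 0, 1);
        out[n++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[n++] = (struct sock_filter) BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL); /* default deny */
    return n;
}

/* Run a filter the way the kernel does on syscall entry. Only the three
 * opcodes build_filter() emits are supported; anything else fails closed. */
unsigned int run_filter(const struct sock_filter *f, size_t n, const struct seccomp_data *d)
{
    unsigned int acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *ins = &f[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:            /* acc = 32-bit word at offset k of seccomp_data */
            memcpy(&acc, (const char *)d + ins->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:           /* skip jt or jf instructions */
            pc += (acc == ins->k) ? ins->jt : ins->jf;
            break;
        case BPF_RET | BPF_K:                     /* verdict */
            return ins->k;
        default:
            return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL; /* fell off the end: also fail closed */
}

/* Verdict the policy gives for one (syscall number, ABI) pair. */
unsigned int sandbox_verdict(int nr, unsigned int arch)
{
    struct sock_filter prog[MAX_FILTER];
    size_t n = build_filter(prog);
    struct seccomp_data d = { .nr = nr, .arch = arch };
    return run_filter(prog, n, &d);
}

/* Install the policy on the calling thread; 0 on success, -1 with errno set. */
int install_sandbox(void)
{
    struct sock_filter prog[MAX_FILTER];
    struct sock_fprog fprog = { .len = (unsigned short)build_filter(prog), .filter = prog };
    /* Required for unprivileged callers; also stops setuid/fscaps from regaining rights. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    if (install_sandbox() != 0) {
        perror("seccomp");
        return 1;
    }
    static const char msg[] = "sandboxed: only the allow-listed syscalls remain\n";
    write(STDOUT_FILENO, msg, sizeof msg - 1);   /* write() is allowed */
    syscall(SYS_exit_group, 0);                  /* so is exit_group() */
    return 0;
}
```

The filter has to be installed after the chroot, the privilege drop and the listening socket are all in place, because `chroot`, `setuid` and `socket` are deliberately absent from the list. The ABI check at the top is the part most often forgotten: without it the kernel would evaluate the same numeric allow-list for the 32-bit compat table, where the numbers mean different syscalls.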

Additionally, I removed all EC- and RC4-based cryptography from the SSL code. Basically what you get now is RSA+AES+SHA, which is believed to be a cipher suite secure from the NSA, unlike NIST-based ciphers or probably ECC entirely, not just with the NIST curves.